8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
A security vulnerability has been identified in IBM Spectrum Scale Container Native that could allow an attacker to acquire root privileges on the host using unshare. A fix for this vulnerability is available.
CVEID:CVE-2022-41736
**DESCRIPTION:**IBM Spectrum Scale contains an unspecified vulnerability that could allow a local user to obtain root privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237810 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Scale Container Native Storage Access | 5.1.2.1 - 5.1.6.0 |
For this specific issue, upgrade to IBM Spectrum Scale Container Native v5.1.7.0 or later and OpenShift Container Platform 4.11, or higher.
For IBM Spectrum Scale Container Native, see the supported upgrade paths and follow the version specific steps to upgrade to the target version. <https://www.ibm.com/docs/en/scalecontainernative>.
Note:
If you have issues upgrading to the specified level, contact IBM Service.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum scale | eq | 5.1. |
8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%